Review access of an access package in entitlement management
Entitlement management simplifies how enterprises manage access to groups, applications, and SharePoint sites. This article describes how to perform access reviews for other users that are assigned to an access package as a designated reviewer.
Prerequisites
Using this feature requires Microsoft Entra ID Governance or Microsoft Entra Suite licenses. To find the right license for your requirements, see Microsoft Entra ID Governance licensing fundamentals.
Open the access review
As at least an Identity Governance Administrator, use the following steps to find and open the access review:
You could receive an email from Microsoft that asks you to review access. Locate the email to open the access review. Here's an example email to review access:
Select the Review user access link to open the access review.
If you don’t have the email, you can find your pending access reviews by navigating directly to https://myaccess.microsoft.com. (For US Government, use
https://myaccess.microsoft.us
instead.)Select Access reviews on the left navigation bar to see a list of pending access reviews assigned to you.
Select the review that you’d like to begin.
Perform the access review
Once you open the access review, you see the names of users for which you need to review. There are two ways that you can approve or deny access:
- You can manually approve or deny access for one or more users
- You can accept the system recommendations
Manually approve or deny access for one or more users
Review the list of users and determine which users need to continue to have access.
To approve or deny access, select the radio button to the left of the user’s name.
Select Approve or Deny in the bar above the user names.
If you aren't sure, you can select the Don’t know button.
If you make this selection, the user maintains access, and this selection goes in the audit logs. The log shows any other reviewers that you still completed the review.
You could be required to provide a reason for your decision. Type in a reason and select Submit.
You can change your decision at any time before the end of the review. To do so, select the user from the list and change the decision. For example, you can approve access for a user you previously denied.
If there are multiple reviewers, the last submitted response is recorded. Consider an example where an administrator designates two reviewers – Alice and Bob. Alice opens the review first and approves access. Before the review ends, Bob opens the review and denies access. In this case, the last deny access decision gets recorded.
Note
If a user is denied access in the review, they aren't removed from the access package immediately. The user will be removed from the access package once the review results are applied after the review is closed. The review will close automatically at the end of the review duration or earlier if an administrator manually stops the review.
Approve or deny access using the system-generated recommendations
To review access for multiple users more quickly, you can use the system-generated recommendations, accepting the recommendations with a single select. The recommendations are generated based on the user's sign-in activity.
In the bar at the top of the page, select Accept recommendations.
You see a summary of the recommended actions.
Select Submit to accept the recommendations.